Changes
Started by upstream project gerrit-libosmo-abis #510
Started 14 hr ago
Queued 10 sec
Took 1 min 18 sec
on build4-deb12build-ansible
lapd_sap_stop(): fix use of uninitialized stack memory
DL-RELEASE in lapd_core can be done in two ways: by sending DISC
and waiting for UA, or a purely local clearing of state. The
selection between these two modes is communicated via an extended
field in struct osmo_dlsap_prim that extends beyond the standard
struct osmo_prim_hdr. lapd_sap_stop() is a wrapper function that
sends DL-RELEASE to lapd_core; its only current users are the
vendor-specific E1 BTS handlers for Ericsson and Nokia in OsmoBSC,
and both of those need local release handling. This wrapper
function does allocate correctly-sized struct osmo_dlsap_prim
on the stack, but until now it failed to initialize the extended
field - hence the actual behavior was subject to laws of chance,
depending on uninitialized content of stack memory.
Change-Id: Ic1469698ee8edf9b6fb55df8f79cc062be711f61
DL-RELEASE in lapd_core can be done in two ways: by sending DISC
and waiting for UA, or a purely local clearing of state. The
selection between these two modes is communicated via an extended
field in struct osmo_dlsap_prim that extends beyond the standard
struct osmo_prim_hdr. lapd_sap_stop() is a wrapper function that
sends DL-RELEASE to lapd_core; its only current users are the
vendor-specific E1 BTS handlers for Ericsson and Nokia in OsmoBSC,
and both of those need local release handling. This wrapper
function does allocate correctly-sized struct osmo_dlsap_prim
on the stack, but until now it failed to initialize the extended
field - hence the actual behavior was subject to laws of chance,
depending on uninitialized content of stack memory.
Change-Id: Ic1469698ee8edf9b6fb55df8f79cc062be711f61
falcon
at